Categories
cookies express javascript node.js

Cookies and SameSite + Secure – ExpressJS

The following warning is being shown in the console, even though I have the following settings on my express application. Has anyone seen this error before? My search brought me to https://github.com/expressjs/express/issues/3095

I am also using express : 4.17.1

let COOKIE_OPTIONS = { httpOnly: true, sameSite: 'None', secure: true };

A cookie associated with a cross-site resource at http://MYURL.URL was set
without the `SameSite` attribute. A future release of Chrome will only deliver
cookies with cross-site requests if they are set with `SameSite=None` and
`Secure`. You can review cookies in developer tools under
Application>Storage>Cookies and see more details at
https://www.chromestatus.com/feature/5088147346030592 and
https://www.chromestatus.com/feature/5633521622188032.

When doing a request using Insomia (Postman) I see the following

access_token=someToken; 
Path=/;
HttpOnly;
Secure;
SameSite=None